← Back to BlogBusiness Security

Cloud Security 101: Phishing Threats in Google Drive and OneDrive

Cloud Security 101: Phishing Threats in Google Drive and OneDrive

Cloud storage has transformed how Australian businesses operate. Google Drive, OneDrive, Dropbox — they've made collaboration easy, remote work seamless, and file sharing effortless.

They've also given scammers a new set of tools.

Why cloud platforms are attractive for phishers:

Phishing links embedded in emails often get caught by security filters. But a link to `drive.google.com` or `onedrive.live.com`? That's a trusted domain. Security tools don't block it. You click through freely.

This is what scammers exploit.

Common cloud-based phishing attacks:

1. Fake shared document notifications You receive an email that looks like a legitimate Google Drive or OneDrive sharing notification: "[Colleague's Name] has shared a document with you." You click, get directed to a real-looking login page, enter your credentials — and the login page is fake.

The email might be spoofing your colleague's address, or their actual account might have been compromised.

2. Malware hosted in cloud storage A scammer uploads a malicious file to Google Drive, OneDrive, or Dropbox and shares the link. Because the download link comes from a legitimate cloud domain, it bypasses many email security filters. The file installs malware when opened.

3. Phishing pages hosted in cloud Incredibly, scammers have used Google Sites, SharePoint, and even Notion to host convincing fake login pages — because a URL at `sites.google.com` or `sharepoint.com` looks more trustworthy than a random domain.

How to protect yourself:

  1. Always verify the sender before clicking a shared document link. Confirm with the person directly (by message or phone) that they actually shared something with you.
  1. Don't enter your login credentials via a link from an email. If you receive a Google Drive notification, open Google Drive directly in your browser instead of clicking through.
  1. Enable MFA on all your cloud accounts. Google, Microsoft, Dropbox — all of them.
  1. Review who has access to your cloud files regularly. Compromised accounts can be used to exfiltrate data from shared drives.
  1. For businesses: Use a cloud access security broker (CASB) or your cloud provider's built-in security tools to monitor for unusual file access patterns.

The golden rule

If you weren't expecting a shared file, verify before you click. This applies even if the email appears to come from a colleague.

Learn to spot cloud-based phishing at Phishbate →

Think you can spot a phish?

Put your knowledge to the test with the Phishbate interactive quiz. It only takes a few minutes.

Take the Quiz →